01-19-2017 12:01 PM - edited 03-17-2019 06:38 PM
Hello
I have been asked if it is possible to limit Jabber registrations to devices provided by the employer. If such is possible, I would appreciate any direction given.
01-19-2017 01:25 PM
Ron
Today there isn't a perfect solution for this; user-based policy enforcement, and that too broken down by modality of communication like IM vs voice/video, is on the roadmap. You can, however, use cert-based auth with x8.9, and if you don't have the cert you won't log in.
Planning Guide for Cisco Jabber 11.7 - User Management [Cisco Jabber for Windows] - Cisco
01-19-2017 01:36 PM
Srinivasan
I did read this, but interpreted it to mean that the user would no longer require credentials. Is this correct?
01-19-2017 01:43 PM
Also, allow me to add that this is an on-premise, non-cloud install.
01-19-2017 01:51 PM
Yes, it uses Expressway and your MDM solutions to push the cert, and of course UCM.
Thanks
Srini
01-19-2017 07:07 PM
The cert would identify the user, so yes, it's basically SSO with certs.
Thanks
Srini
02-18-2017 01:47 PM
Srinivasan
I have enabled SSO on VCS-E, VCS-C, and call manager. VCS is set for exclusive MRA mode. SSO IdP is ADFS 2.0. Users are logging in via SSO. They can still use personal devices without certs on them to log in just by knowing their AD credentials. Do I need to expand the relay or CoT to include the CA cert provider? If so, please do detail how to go about doing so.
02-18-2017 03:48 PM
Ron
Not sure, since I don’t have a client who has deployed it yet. Maybe a case for TAC to check if this is working as designed. You would think without the certificate, the client won’t be allowed to log in if they found your password, but I am not sure. I know more security policies through Expressway are being planned, like controlling user group access by type of communication, but that shouldn’t stop this from working. Let me know what the end result was, though.
Srini Kilambi
02-19-2017 10:19 AM
Srini
I am thinking now along the lines of the IdP processing. Currently we are only doing form validation for credentials via Microsoft ADFS 2.0. I believe going to ADFS 4.0 and incorporating certificate validation is going to be the next step.